I'm now setting up Keycloak (version 18.0.2) as a SAML 2.0 IdP that should integrate with my own application as the SP.
I created a realm, a client and a client scope, and everything seems to work. But when I test the SAML SSO login, I find that the Keycloak AuthnResponse doesn't contain the field "InResponseTo", which should equal the AuthnRequest ID.
The following is an extract of the Keycloak response to the SAML AuthnRequest:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="… …" ID="ID_9d0390e3-900c-404a-a19e-9060ad9ea455" IssueInstant="2022-08-18T06:46:40.022Z" Version="2.0"><saml:Issuer>…</saml:Issuer> …
My application really needs to verify this "InResponseTo" field to match the request it sent out.
So, any idea why Keycloak doesn't send this field back in the SAML AuthnResponse? Am I missing some configuration in Keycloak?